As someone with access to the BES Cyber Systems, I am required to take this annual training
What is CORP-0804 (Cyber & Physical Sec Awareness)
These are Cyber Assets that perform electronic access control or electronic access monitoring of the Electronic Security Perimeter(s) or BES Cyber Systems. This includes Intermediate Systems.
What are Electronic Access Control or Monitoring Systems (EACMS)
The physical border surrounding locations in which BES Cyber Assets, BES Cyber Systems, or Electronic Access Control or Monitoring Systems reside, and for which access is controlled.
What is a PSP
As a System Owner for a high/medium impact BES Cyber System and/or associated EACMS/PACS/PCAs, I would need to ensure these are changed at least once every 15 months in order to avoid a CIP-007-6 R5.6 violation
What are shared credentials
This is the type of cyber asset that, once identified, all other CIP requirements revolve around
What are BES Cyber Assets?
The amount of time (in years) that a Personnel Risk Assessment is good for
What is 7
This is the term NERC uses to classify cyber assets that are not BCAs and do not control or monitor access, yet reside in the same ESP as a BES Cyber System.
What are Protected Cyber Assets (PCAs)
The logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled
What is an ESP
Sharing a badge to allow someone to gain unauthorized access to a PSP would cause a violation within this CIP standard
What is CIP-006
WECC: also known as ________
The new CIP requirements that control vendor system-to-system remote access to BCS are covered under version 6 of this standard
What is CIP-005
Cyber Assets that control, alert, or log access to the Physical Security Perimeter(s), exclusive of locally mounted hardware or devices at the Physical Security Perimeter such as motion sensors, electronic control mechanisms, and badge readers, are called ____________
What are Physical Access Control Systems (PACS)
NERC-CIP: also known as ___________
What is the North American Electric Reliability Corporation Critical Infrastructure Protection
This is the requirement that all personnel with unescorted access to the Bulk Electric System Cyber Systems have completed a personnel risk assessment
What is CIP-004-6 R3
This is the vanity-URL for TO-CIP's official Intranet (not SharePoint) site, complete with details on each of the CIP standards and the CIP program in general.
What is http://tocip?
The name given for the process that PG&E executes in order to confirm a person's identity and review criminal background history
What is Personnel Risk Assessment (PRA)
Often specialized laptops, these are cyber assets that directly connect to a BES Cyber System for 30 or fewer calendar days and are capable of transmitting or transferring executable code.
What are Transient Cyber Assets (TCAs)
Nonpublic information about the Bulk Electric System Cyber System (including non-public information about the EACMS and PACS associated with the Bulk Electric System Cyber System) that, if used, could lead to unauthorized access to the Bulk Electric System Cyber System or could be used to threaten the security of the Bulk Electric System Cyber System
What is BCSI?
Low Impact BCS with routable connectivity must be enclosed within an _______ ________ in accordance with CIP-003-8 R2 Attachment 1 Section 3
What is an Electronic Boundary
TO-CIP's main evidence repository is called this
What is Appian?
This is the name of the application used to remote into the Operational Data Network
What is Citrix
This is the name of the EACMS cyber system PG&E uses to allow users to request access to roles and entitlements
What is MyElectronicAccess (MEA)
BES Cyber Systems perform one or more of these reliability functions
What are BROS?
As a System Owner, I am required to update the __________ within 30 days of any change that deviates from _______ in accordance with CIP-010-2 R1 (both blanks are the same word).
What are Baselines (or Baseline Configurations)
PG&E's CIP Senior Manager
Who is Tom French?